According to Martin Koopmans, cyber crisis readiness is not about detailed playbooks or theoretical scenarios, but about something far more practical: knowing what to do when things go wrong and having genuinely practised it. “No two crises are the same. But if you practise, you at least know who is responsible for what, how the […]
Martin de Vries is CISO at VDL. Before that, he held the same role at Eindhoven University of Technology (TU/e), where he experienced up close how a cyber crisis can turn an organisation upside down in an instant. In this interview, Martin shares what crisis exercises actually mean when it’s real. How practising ensures you
A cyber crisis rarely announces itself neatly. There’s no starting gun, and almost never immediate, complete clarity. There’s a report, a suspicion, a few signals that don’t add up. And meanwhile, everyone is looking at the same people in the organization with one expectation: take control and fix it. According to Cees Berrens, that is
Cees Berrens: “Cyber crisis readiness isn’t a plan, it’s behavior under pressure” Read More »
Jochem Smit is a Senior Crisis Management Trainer at CCRC and brings hands-on experience from real ransomware incidents. At Northwave, he was one of four senior crisis managers responding to major cyber incidents. “They were all ransomware cases.” In those situations, an organization’s infrastructure is partly or completely down. Companies, often via their insurer, quickly
Jochem Smit: “The aftermath of ransomware is often worse than the attack” Read More »
Jelle Niemantsverdriet is a Senior Crisis Management Trainer at CCRC, with more than twenty years of experience in cybersecurity and incident response. He has worked at Fox-IT, Verizon, Deloitte, and Microsoft, helping organizations respond to incidents and build crisis management capabilities. In this interview, he explains where teams often stumble, what makes an exercise truly
Jelle Niemantsverdriet: “The biggest vulnerability in a crisis is silence” Read More »
Chris van ‘t Hof, as director of DIVD, is used to seeing vulnerabilities before they become incidents. But in CCRC crisis training, he sits on the other side of the spectrum: there he sees what happens once things do go wrong and how quickly a technical problem turns into a management stress test. He writes
Recently in Security Innovation Stories, an article appeared with the key insights from the podcast with our co-founder and CCRC board member Kelvin Rorive. One message is made crystal clear: true cyber resilience is not achieved alone, but together with your chain partners. Kelvin expressed it powerfully: “As an SME, you are digitally dependent on
True Cyber Resilience Begins with Collaboration Read More »
In recent years, I have guided numerous organizations in dealing with digital crises. I consistently see the same thing: it’s rarely the technology that fails, but often the collaboration and decision-making at critical moments. That’s why I found it valuable to contribute on behalf of CCRC to the new NCSC whitepaper: ‘Practice makes perfect.’ Why
Practicing with Cyber Crisis Situations: Resilience Requires Action Read More »
With that powerful statement from CCRC initiator Kelvin Rorive, journalist William Visterin opens his article that recently appeared on Computable. The piece is part of a special security summer series leading up to Cybersec Netherlands, which takes place on September 10 and 11 at Jaarbeurs Utrecht. Kelvin Rorive, CISO at ICT Group and co-founder of
Cybersecurity is No Longer a Solo Sport Read More »
Compliant yet vulnerable An audit full of green checkmarks provides peace of mind. But false security lurks. Because when a targeted cyberattack brings your organization to its knees, compliance rarely equals actual resilience. In this blog, I share a personal conviction: true digital security doesn’t arise from paper standards, but from a culture of risk
